However I recommend you to use wireguard which is natively supported
If the remote server I'm connecting to had used Wireguard, I would surely use it. But it is about MT connecting as a
client to a remote OpenVPN server, and I do not have any alternative methods available.
Hey, buddy. Hope you find this useful. This is a copy of the README from my GitHub.
Dockerfile
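FROM alpine:3.16
RUN apk update && \
    apk upgrade && \
    apk add --no-cache openvpn iptables && \
    rm -rf /var/cache/apk
# config.ovpn and config.pass are copied into the image, so the image
# (and the tar made by "docker save") contains the VPN credentials.
COPY ./entry.sh /root/
COPY ./config.ovpn /root/
COPY ./config.pass /root/
RUN chmod +x /root/entry.sh
ENTRYPOINT /root/entry.sh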
entry.sh
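#!/bin/sh
set -x
# Start the OpenVPN client in the background
/usr/sbin/openvpn --config /root/config.ovpn &
# Wait until the tap0 interface exists
until ip l sh tap0 >/dev/null 2>&1; do sleep 1; done
# Forward and NAT traffic from the container network (eth0) into the tunnel
sysctl -w net.ipv4.ip_forward=1
/sbin/iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
/sbin/iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT
# Connectivity check: restart OpenVPN when no ping replies come back
while sleep 50; do
    t=$(ping -c 10 service.home.internal.net | grep -o -E '[0-9]+ packets r' | grep -o -E '[0-9]+')
    # An empty $t (ping printed no summary, e.g. the name did not resolve) counts as 0
    if [ "${t:-0}" -eq 0 ]; then
        pkill -f openvpn
        /usr/sbin/openvpn --config /root/config.ovpn &
    fi
done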
config.ovpn Your configuration of OpenVPN
config.pass Certificate password
Description
Set up an OpenVPN client for access to your home network
Minimum system requirements
RouterOS 7.5 or newer
arm, arm64 or x86 cpu
10 MB disk space (internal NAND storage)
Usage
Set up container on RouterOS. See details here.
Replace config.ovpn and config.pass with your own files. Or configure client like you want.
Replace service.home.internal.net in entry.sh with some host in your home network (for connectivity check). This is used to restart the connection if it's down.
Build image:
docker buildx build --no-cache --platform linux/arm/v7 -t ovpn-container .
docker save ovpn-container > ovpn-container.tar
arch            router cpu
linux/arm/v7    ARM
linux/arm64     ARM64
linux/amd64     x86
Upload ovpn-container.tar to your router
Set up containers network
/interface/bridge/add name=dockers
/interface/veth/add address=192.168.121.2/24 gateway=192.168.121.1 name=veth1
/interface/bridge/port/add bridge=dockers interface=veth1
/interface/list/member/add interface=dockers list=LAN
/ip/address/add address=192.168.121.1/24 interface=dockers network=192.168.121.0
# src-address takes the subnet; src-address-list expects the name of an address list
/ip/firewall/nat/add action=masquerade chain=srcnat src-address=192.168.121.0/24
Set up routing
/routing/table/add disabled=no fib name=homeNetwork
/ip/route/add disabled=no distance=1 dst-address=172.16.0.0/12 gateway=192.168.121.2 \
    pref-src=0.0.0.0 routing-table=homeNetwork scope=30 suppress-hw-offload=no \
    target-scope=1
/routing/rule/add action=lookup disabled=no dst-address=172.16.0.0/12 table=homeNetwork
Create container
/container/add file=ovpn-container.tar interface=veth1 dns=192.168.121.1 logging=yes
/container/start 0
Done, now you can access all your services in 172.16.0.0/12 network
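
An added example, not part of the original post or its README: the connectivity check from entry.sh split into functions that can be tested, so that ping output with no summary line (for instance when the name does not resolve while the tunnel is down) counts as zero replies and still triggers the restart. The function names, the "run" argument and the sample ping outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: the entry.sh connectivity check as testable functions.

# Read ping output on stdin and print the number of replies received.
# Matches busybox ("N packets received") and iputils ("N received").
# Prints 0 when no summary line is present at all.
ping_received() {
    sed -n 's/.*, *\([0-9][0-9]*\) \(packets \)\{0,1\}received.*/\1/p' | {
        read -r n || n=0
        echo "${n:-0}"
    }
}

# Succeed (exit 0) when the captured ping output means "restart the tunnel".
needs_restart() {
    [ "$(printf '%s\n' "$1" | ping_received)" -eq 0 ]
}

# Watchdog loop with the same timing and commands as the post's entry.sh.
watchdog() {
    host=$1
    while sleep 50; do
        out=$(ping -c 10 "$host" 2>/dev/null)
        if needs_restart "$out"; then
            pkill -f openvpn
            /usr/sbin/openvpn --config /root/config.ovpn &
        fi
    done
}

# Constructed sample outputs (not captured from a real router).
SAMPLE_BUSYBOX_UP='--- 172.16.0.10 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss'
SAMPLE_BUSYBOX_DOWN='--- 172.16.0.10 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss'
SAMPLE_IPUTILS_DOWN='10 packets transmitted, 0 received, +10 errors, 100% packet loss, time 9211ms'
SAMPLE_NO_SUMMARY=''   # ping printed nothing on stdout, e.g. name not resolved

# Start the loop only when the script is called with: run [host]
if [ "${1:-}" = "run" ]; then
    watchdog "${2:-service.home.internal.net}"
fi
```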